The many layers of commercial building risk management

Nowadays, we see more and more buildings becoming smart by utilizing automation and technologically advanced security systems.

This year at IFSEC International, Andrew Flint, Technical Director for EMEA at Anixter addressed the five pillars of infrastructure best practice for commercial buildings: risk management, network performance, workplace productivity, space utilization and Internetof- Things enablement within the commercial building space. Of these five pillars, Flint focused on risk management and explained how it is the first key component to building a smart commercial building.

The five layers of physical security

In terms of what is driving physical security in commercial buildings, Flint pointed to the integration of building management, providing a safe and secure workplace, and achieving that with open architecture technology.

To provide a safe workplace environment, ensuring every layer of a building is secure is of utmost importance. Flint pointed to five layers of physical security in commercial buildings: the perimeter, reception, floor levels, specialized zones and technical spaces. Properly securing each and every one of these layers is the first and most crucial step to constructing a safe and smart commercial building.

The perimeter

The property perimeter is not just a boarder, it is the first layer of commercial building protection, according to Flint.

When setting up perimeter security, it is important to consider how to control who gets into the building and when, manage entrances and exits after hours, monitor parking facilities, prevent unauthorized building access and prevent incidents on the premise. These challenges can be mitigated by deploying outdoor LED lighting, emergency communication systems, day/night video surveillance, access control and intrusion detection sensors.

The reception area

The second layer of building security addresses the reception area and how to control employee and visitor traffic. Identity and visitor management are key parts of reception security. It is important to consider whether the building has multiple tenants, and the role of reception in enforcing security policies. Reception solutions should include identity management, credential management, visitor management, badging systems, integrated video and access control.

The floor levels

On floor levels, visitor and employee traffic should be monitored for safety and access to various parts of the building. Considerations should include identifying key business areas to protect, how to secure departmental assets, how to comply with privacy regulations, and how to integrate active directories with security. Flint pointed to a number of solutions, including open architecture security systems, corporate day lockers, workplace asset management, restricted key systems, destination dispatch, restricted access level control, remote video management, fire detection and suppression, advanced notification and occupancy control. Utilizing such systems could assist with building traffic between work areas and the execution of emergency evacuation plans.

Specialized zones

Specialized zones include key business areas such as human resources to executive offices that require careful security attention. It is important to secure department assets, comply with privacy and information regulations, and integrate your active directory with security systems. Open architecture and restricted key systems, as well as corporate day lockers and workplace asset management, can assist in the protection of valuable resources and information in these specialized zones.

The technical space

Lastly is the technical space; the most critical layer of building security, as it protects networking infrastructure, IT servers and data storage. Oftentimes this layer is comprised of multiple rooms involved in IT security. Deploying solutions such as identity recognition access control, video verification and server and network cabinet-level locking systems can not only assist in securing this space, but also help with regulatory compliance, including the Sarbanes-Oxley Act in the U.S. and Payment Card Industry Data Security Standard (PCI-DSS).